| CVE-2016-6582 | critical | 9.1 | 9.1 | | | | 10y ago | The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specificat… |
| CVE-2014-8144 | medium | — | 6.8 | | | | 12y ago | Doorkeeper vulnerable to Cross-site Request Forgery |
| CVE-2023-34246 | unknown | — | — | | | | 3y ago | Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been p… |
| CVE-2020-10187 | unknown | — | — | | | | 6y ago | Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authoriz… |
| CVE-2018-1000211 | unknown | — | — | | | | 8y ago | Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps… |
| CVE-2018-1000088 | unknown | — | — | | | | 8y ago | Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth … |